(NEXSTAR) – Apple releases emergency software update on Monday after hackers discover vulnerabilities that could infect iPhones, iPads, Apple computers and watches without users clicking on malicious links Did. Detected spyware can expose Apple devices to data theft and eavesdropping.
Defect was detected by Citizen Lab researcher at the University of Toronto, Spyware from NSO Group, the world’s most notorious hacker hiring company, has been found infected with the iPhone of a Saudi activist.
This was the first time a so-called “zero-click” exploit was detected and analyzed, researchers said, alerting Apple shortly after finding malicious code on September 7. They said they were confident that the Israeli company NSO Group was behind the attack, adding that the targeted activists demanded that they remain anonymous.
The flaws found by Citizen Lab affected all Apple operating systems, the researchers said. According to security experts, the average iPhone, iPad, and Mac user generally doesn’t have to worry, but such attacks tend to be targeted.
Still, Apple said In a blog post We issued security updates for iPhone and iPad because “maliciously created” PDF files could be hacked. He acknowledged that this issue could have been abused and quoted Citizen Lab.
Users are encouraged to check if automatic software updates are enabled in their device settings. If not, you should consider performing the update manually.
“Do you have an Apple product? Citizen Lab researcher John ScotRailton said: New York Times..
Malicious image files are sent to activist phones via the iMessage instant messaging app and then hacked by NSO’s Pegasus spyware, leading to eavesdropping and remote data theft, Marczak said. It was discovered during a second examination of the phone, which indicated that forensic medicine was infected in March. He said malicious files cause device crashes.
NSO Group did not immediately respond to emails asking for comment.
Researcher John Scott-Railton said the news highlights the importance of protecting popular messaging apps from such attacks. “Chat apps are becoming the primary way for nation-states and mercenary hackers to access their phones,” he said. “And that’s why it’s so important to focus on making sure your company is locked down as much as possible.”
As the NSO argues, the findings also reveal that NSO’s business model involves selling spyware not only to law enforcement officers tracking cybercriminals and terrorists, but also to governments that abuse spyware. The researchers said.
“If Pegasus had only been used against criminals and terrorists, we wouldn’t have found anything like this,” said Citizen Lab researcher Bill Marzac.
Facebook’s WhatsApp is also allegedly targeted by NSO’s zero-click exploit. October 2019, Facebook sued NSO in US federal court It is said to have targeted approximately 1,400 users of messaging services encrypted using spyware.
Announced by the Global Media Consortium in July Damn report The Hacker for Hire Group is directly involved in targeting how NSO Group’s clients have been spying on journalists, human rights activists, political opponents, and those close to them for years.
Suggest a fix
Why Apple users Need to Update Their Mobile Phones, Computers, and Watches Immediately
Source link Why Apple users Need to Update Their Mobile Phones, Computers, and Watches Immediately